<html>
<head><meta charset="utf-8"><title>Letting Read::read initialize memory · t-lang/wg-unsafe-code-guidelines · Zulip Chat Archive</title></head>
<h2>Stream: <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/index.html">t-lang/wg-unsafe-code-guidelines</a></h2>
<h3>Topic: <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html">Letting Read::read initialize memory</a></h3>

<hr>

<base href="https://rust-lang.zulipchat.com">

<head><link href="https://rust-lang.github.io/zulip_archive/style.css" rel="stylesheet"></head>

<a name="157985072"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/157985072" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#157985072">(Feb 10 2019 at 18:17)</a>:</h4>
<p>At the all-hands, <span class="user-mention" data-user-id="143274">@Amanieu d'Antras</span> and <span class="user-mention" data-user-id="119235">@David Tolnay</span> suggested the following approach to passing uninitialized memory to Read::read: We could add a function like <code>fn freeze&lt;T&gt;(x: *mut T)</code> to libcore, and the semantics of that function is to "freeze" the memory pointed to by <code>x</code> (and with the size given by <code>T</code>). The "freeze" operation is the same as in <a href="https://www.cs.utah.edu/~regehr/papers/undef-pldi17.pdf" target="_blank" title="https://www.cs.utah.edu/~regehr/papers/undef-pldi17.pdf">this paper</a>, and its semantics basically is to turn the uninitialized parts of that memory into some non-deterministic fixed bit pattern. Since any fixed bit pattern is valid in a <code>&amp;mut [u8]</code>, an uninitialized array can be passed to <code>Read::read</code> after freezing.<br>
The main problem here is actually implementing this function in LLVM, but their realization was that <code>black_box</code>, i.e. an empty <code>volatile memory</code> assembly block, should have this effect.</p>
<p>What do you think of this plan? I am particularly curious about <span class="user-mention" data-user-id="124289">@rkruppe</span>'s thoughts on the LLVM side of this. Also, <span class="user-mention" data-user-id="143274">@Amanieu d'Antras</span> , <span class="user-mention" data-user-id="119235">@David Tolnay</span> how did you plan to introduce this -- seems like it would need an RFC?</p>



<a name="157985141"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/157985141" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#157985141">(Feb 10 2019 at 18:19)</a>:</h4>
<p>As discussed on #rust-libs on IRC... 1) asm! does not exist on all platforms</p>



<a name="157985146"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/157985146" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#157985146">(Feb 10 2019 at 18:19)</a>:</h4>
<p>it would be possible to "freeze" by passing an "uninit" buffer into an extern function LLVM has no insight into</p>



<a name="157985149"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/157985149" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#157985149">(Feb 10 2019 at 18:19)</a>:</h4>
<p>LLVM side of things: <a href="https://reviews.llvm.org/D29011" target="_blank" title="https://reviews.llvm.org/D29011">https://reviews.llvm.org/D29011</a></p>



<a name="157985206"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/157985206" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#157985206">(Feb 10 2019 at 18:20)</a>:</h4>
<p>i.e. an instruction that does this has been long-time desired, but hasn’t landed yet despite the existing implementation.</p>



<a name="157985213"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/157985213" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#157985213">(Feb 10 2019 at 18:21)</a>:</h4>
<p>reasons are unclear to me.</p>



<a name="157985332"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/157985332" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#157985332">(Feb 10 2019 at 18:25)</a>:</h4>
<p>the instruction is for values though, not for memory -- it would likely need to be run in a loop or so</p>



<a name="157985336"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/157985336" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#157985336">(Feb 10 2019 at 18:25)</a>:</h4>
<p>What platforms does a nop asm!() not work on? wasm and BPF, I assume, anything else? On those platforms, throwing in an extern function is problematic: e.g., in wasm that will mean everyone using rustc-generated wasm will have to actually supply such a no-op function under the name we choose (unless we do very hacky hacks in the linking stage).</p>



<a name="157985384"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/157985384" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#157985384">(Feb 10 2019 at 18:26)</a>:</h4>
<p><span class="user-mention" data-user-id="124289">@rkruppe</span> wasm is the most problematic outstanding example of this, yes.</p>



<a name="157985387"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/157985387" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#157985387">(Feb 10 2019 at 18:26)</a>:</h4>
<p>I recall there being T3 platforms that do not have asmparser component in LLVM, but I don’t recall which platforms are these</p>



<a name="157985388"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/157985388" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#157985388">(Feb 10 2019 at 18:26)</a>:</h4>
<p>the last I know, one issue the LLVM devs have with adapting freeze/poison is about whether poison works on a per-byte or per-value level. but it seems to me that <code>freeze</code> can be defined and is useful independent of such questions.</p>



<a name="157985401"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/157985401" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#157985401">(Feb 10 2019 at 18:27)</a>:</h4>
<p>Yes, there are difficult open questions about how to proceed with undef/poison, but both an <code>volatile memory</code> inline asm or an unknown external function must be conservatively assumed to initialize the memory in some fashion, so it side steps all questions about how uninitialized memory would behave.</p>



<a name="157985444"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/157985444" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#157985444">(Feb 10 2019 at 18:28)</a>:</h4>
<p>Of course, they both have the side effect of also blocking other optimizations, but for Read::read specifically that doesn't feel like it should be an issue.</p>



<a name="157985445"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/157985445" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#157985445">(Feb 10 2019 at 18:28)</a>:</h4>
<p>one option would be to call something like <code>memset</code> with <code>0</code> size with <code>nobuiltin</code> flag set (so that LLVM does not handle it as such)</p>



<a name="157985462"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/157985462" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#157985462">(Feb 10 2019 at 18:29)</a>:</h4>
<p>I am very uncertain about whether <code>nobuiltin</code> will actually make it do what we want, and even if it does, we'll lose very desirable optimizations in the surrounding code.</p>



<a name="157985511"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/157985511" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#157985511">(Feb 10 2019 at 18:30)</a>:</h4>
<p>Not more than we would with <code>black_box</code>, though?</p>



<a name="157985513"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/157985513" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#157985513">(Feb 10 2019 at 18:30)</a>:</h4>
<p><span class="user-mention" data-user-id="124289">@rkruppe</span> given that <code>asm!</code> is an “acceptable” solution and that it inhibits just about every optimisation out there...</p>



<a name="157985527"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/157985527" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#157985527">(Feb 10 2019 at 18:30)</a>:</h4>
<p>they seemed to think that that is fine in this situation. we can always provide a better implementation of this later without changing the contract of this function.</p>



<a name="157985528"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/157985528" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#157985528">(Feb 10 2019 at 18:30)</a>:</h4>
<p><span class="user-mention" data-user-id="120791">@RalfJ</span> it is not appropriate to talk about this in terms of <code>black_box</code>, because that is a hint function and may be a no-op.</p>



<a name="157985532"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/157985532" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#157985532">(Feb 10 2019 at 18:30)</a>:</h4>
<p><span class="user-mention" data-user-id="123586">@nagisa</span> fair, I meant "what <code>black_box</code> will get implemented as"</p>



<a name="157985534"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/157985534" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#157985534">(Feb 10 2019 at 18:30)</a>:</h4>
<p>Sorry, to be clearer, I don't mean the immediately surrounding code, I mean other uses of memset in the rest of the function/module</p>



<a name="157985545"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/157985545" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#157985545">(Feb 10 2019 at 18:31)</a>:</h4>
<p><span class="user-mention" data-user-id="124289">@rkruppe</span> <code>nobuiltin</code> is a callsite attribute, not a function attribute.</p>



<a name="157985546"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/157985546" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#157985546">(Feb 10 2019 at 18:31)</a>:</h4>
<p>Ohhh, per call site even? nice</p>



<a name="157985548"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/157985548" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#157985548">(Feb 10 2019 at 18:31)</a>:</h4>
<p>I think?</p>



<a name="157985590"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/157985590" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#157985590">(Feb 10 2019 at 18:32)</a>:</h4>
<p>Us having such a language construct might also give those that want to add freeze to LLVM some support :D</p>



<a name="157985593"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/157985593" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#157985593">(Feb 10 2019 at 18:32)</a>:</h4>
<p>But I am still concerned about to what extent nobuiltin will stop LLVM optimizations. e.g. it certainly stops  loop idiom recognition, but I can imagine missing checks for it elsewhere</p>



<a name="157985594"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/157985594" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#157985594">(Feb 10 2019 at 18:32)</a>:</h4>
<p>Could we instead just patch the affected backends to accept (only) inline asm with an empty asm string?</p>



<a name="157985602"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/157985602" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#157985602">(Feb 10 2019 at 18:33)</a>:</h4>
<p>but then we break with system LLVM...</p>



<a name="157985651"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/157985651" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#157985651">(Feb 10 2019 at 18:34)</a>:</h4>
<p>At least it'll be a compile time error rather than a miscompile :)<br>
 And it only affects a few (currently) rather nice targets.</p>



<a name="157985716"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/157985716" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#157985716">(Feb 10 2019 at 18:36)</a>:</h4>
<p>there is ASMParser in wasm target subdirectory tree.</p>



<a name="157986077"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/157986077" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#157986077">(Feb 10 2019 at 18:47)</a>:</h4>
<p>I’m actually very surprised about <code>freeze</code> only taking integer values as an argument</p>



<a name="157986078"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/157986078" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#157986078">(Feb 10 2019 at 18:48)</a>:</h4>
<p>not even aggregates.</p>



<a name="157986461"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/157986461" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#157986461">(Feb 10 2019 at 18:58)</a>:</h4>
<p>FCAs should just go away imo</p>



<a name="157988678"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/157988678" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#157988678">(Feb 10 2019 at 19:56)</a>:</h4>
<p>FCAs?</p>



<a name="157990813"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/157990813" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#157990813">(Feb 10 2019 at 20:56)</a>:</h4>
<p>first-class aggregates, i.e., structs and arrays used as SSA values</p>



<a name="158047539"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158047539" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Amanieu <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158047539">(Feb 11 2019 at 17:19)</a>:</h4>
<p>Alternatively you could write the address of the buffer to a global atomic and then issue a compiler fence. LLVM must assume that a signal handler could have read the global atomic and used it to fill the buffer.</p>



<a name="158375454"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158375454" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158375454">(Feb 12 2019 at 18:31)</a>:</h4>
<blockquote>
<p>What do you think of this plan?</p>
</blockquote>
<p>While freeze is ok, I'm still unconvinced about allowing uninitialized integers. The only argument seems to be "to avoid breaking code using <code>mem::uninitialized</code>", but AFAICT we want to deprecate <code>mem::uninitialized</code> anyways.</p>



<a name="158385135"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158385135" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158385135">(Feb 12 2019 at 20:33)</a>:</h4>
<p>Deprecating it will not make any existing uses go away.</p>



<a name="158385152"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158385152" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158385152">(Feb 12 2019 at 20:33)</a>:</h4>
<p><span class="user-mention" data-user-id="124289">@rkruppe</span> the plan is to make it freeze memory</p>



<a name="158385228"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158385228" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158385228">(Feb 12 2019 at 20:34)</a>:</h4>
<p>I saw mention of that, but I was replying specifically to what <span class="user-mention" data-user-id="132920">@gnzlbg</span> wrote here</p>



<a name="158385248"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158385248" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158385248">(Feb 12 2019 at 20:35)</a>:</h4>
<p>that will make the issue with integers go away for sure, and actually in practice I think this will even make the issues with all the other types go away (if freeze is implemented as an assembly block) as LLVM has to assume they might have been initialized correctly.</p>



<a name="158385279"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158385279" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158385279">(Feb 12 2019 at 20:35)</a>:</h4>
<p>yeah I think <span class="user-mention" data-user-id="132920">@gnzlbg</span> said that in the context of the proposal to freeze</p>



<a name="158385518"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158385518" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158385518">(Feb 12 2019 at 20:38)</a>:</h4>
<p>OK. Speaking of which: I'd like to actually get some experience with shipping ptr::freeze based code before comitting. Replacing <code>mem::uninitialized</code> with <code>MaybeUninit</code> currently has regressions and I would hate to bring similar regressions to existing unmodified code if we can avoid it</p>



<a name="158387436"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158387436" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158387436">(Feb 12 2019 at 21:06)</a>:</h4>
<blockquote>
<p>Replacing mem::uninitialized with MaybeUninit currently has regressions</p>
</blockquote>
<p>It does? I thought we fixed them?</p>



<a name="158387493"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158387493" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158387493">(Feb 12 2019 at 21:07)</a>:</h4>
<p>I was thinking of <a href="https://github.com/rust-lang/rust/issues/58201" target="_blank" title="https://github.com/rust-lang/rust/issues/58201">https://github.com/rust-lang/rust/issues/58201</a> but I misremembered, that happens with mem::uninitialized too</p>



<a name="158458783"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158458783" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jake Goulding <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158458783">(Feb 13 2019 at 17:16)</a>:</h4>
<p>Where might I read more about freeze? I see this PR: <a href="https://github.com/rust-lang/rust/pull/58363" target="_blank" title="https://github.com/rust-lang/rust/pull/58363">https://github.com/rust-lang/rust/pull/58363</a></p>



<a name="158459321"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158459321" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158459321">(Feb 13 2019 at 17:23)</a>:</h4>
<p>what kind of documentation are you looking for? there's <a href="https://www.cs.utah.edu/~regehr/papers/undef-pldi17.pdf" target="_blank" title="https://www.cs.utah.edu/~regehr/papers/undef-pldi17.pdf">https://www.cs.utah.edu/~regehr/papers/undef-pldi17.pdf</a>, but I suppose you were not asking for a paper?</p>



<a name="158460527"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158460527" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jake Goulding <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158460527">(Feb 13 2019 at 17:39)</a>:</h4>
<p>Well, I was rather hoping for something more Rust-specific</p>



<a name="158460589"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158460589" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jake Goulding <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158460589">(Feb 13 2019 at 17:40)</a>:</h4>
<p><em>insert my typical moaning about Rust having more features than documentation</em></p>



<a name="158464156"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158464156" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158464156">(Feb 13 2019 at 18:22)</a>:</h4>
<p>I'm afraid I don't know of anything</p>



<a name="158464169"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158464169" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158464169">(Feb 13 2019 at 18:23)</a>:</h4>
<p>ideally the doccomment in that PR would help?</p>



<a name="158464194"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158464194" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158464194">(Feb 13 2019 at 18:23)</a>:</h4>
<p>is there a concrete question you have? that might help expanding the docs</p>



<a name="158469692"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158469692" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> simulacrum <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158469692">(Feb 13 2019 at 19:27)</a>:</h4>
<p><span class="user-mention" data-user-id="116155">@Jake Goulding</span> My understanding on a very broad level is that freeze makes uninitalized memory readable; normally, it's UB to read it, whereas freeze makes those bytes 'frozen' in that they're no longer going to be side</p>



<a name="158470932"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158470932" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jake Goulding <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158470932">(Feb 13 2019 at 19:43)</a>:</h4>
<blockquote>
<p>no longer going to be side</p>
</blockquote>
<p><span class="user-mention" data-user-id="116122">@simulacrum</span> typo?</p>



<a name="158471241"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158471241" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jake Goulding <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158471241">(Feb 13 2019 at 19:47)</a>:</h4>
<p><span class="user-mention" data-user-id="120791">@RalfJ</span> no real concrete questions. The way my brain works is to have a big catalog of "these are the available tools" and then mapping them to usecases (this is why I like SO — it exercises those connections). This often involves having a broad but shallow understanding of many things. I see an interesting thing like "freeze" (which unfortunately makes me think of <a href="https://blog.honeybadger.io/when-to-use-freeze-and-frozen-in-ruby/" target="_blank" title="https://blog.honeybadger.io/when-to-use-freeze-and-frozen-in-ruby/">Ruby's freeze</a>) and I want to know how to file it away in the brain.</p>



<a name="158471350"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158471350" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158471350">(Feb 13 2019 at 19:49)</a>:</h4>
<p><span class="user-mention" data-user-id="116122">@simulacrum</span> correction: it is UB to perform any operation on it (comparison, arithmetic, whatever), but a plain read (at least into a <code>MaybeUninit</code>) is not UB</p>



<a name="158471463"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158471463" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158471463">(Feb 13 2019 at 19:50)</a>:</h4>
<p>it's not like Ruby's freeze at all, that much I can say^^</p>



<a name="158481573"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158481573" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> simulacrum <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158481573">(Feb 13 2019 at 22:06)</a>:</h4>
<p>no idea what I meant by "side" there</p>
<p>Ah, interesting -- I was not aware that plain read would be permitted...</p>



<a name="158490085"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158490085" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jake Goulding <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158490085">(Feb 14 2019 at 00:32)</a>:</h4>
<p><span class="user-mention" data-user-id="120791">@RalfJ</span> how can a comparison be UB when a read isn't? What is the important difference?</p>



<a name="158510960"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158510960" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158510960">(Feb 14 2019 at 08:08)</a>:</h4>
<p><span class="user-mention" data-user-id="116155">@Jake Goulding</span> anything that actually inspects the bits is UB, basically</p>



<a name="158510963"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158510963" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158510963">(Feb 14 2019 at 08:09)</a>:</h4>
<p>reading does not inspect the bits</p>



<a name="158511030"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158511030" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158511030">(Feb 14 2019 at 08:10)</a>:</h4>
<p>(LLVM is slightly more permissive: there, comparing uninit with something isn't UB, but it returns uninit. So anything that uninit even indirectly flows into gets "poisened" by uninit. If you then ever do a conditional branch on uninit, that's UB. This is a good choice for an optimizing IR, but for a surface language like Rust I feel it is simpler to make UB happen earlier.)</p>



<a name="158535026"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158535026" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jake Goulding <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158535026">(Feb 14 2019 at 15:00)</a>:</h4>
<blockquote>
<p>reading does not inspect the bits</p>
</blockquote>
<p>I do not follow this sentence. Are we using non-English definitions for "read"?</p>



<a name="158535061"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158535061" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jake Goulding <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158535061">(Feb 14 2019 at 15:00)</a>:</h4>
<p>How could reading data do anything <strong>but</strong> look at the bits... that it... <em>reads</em>?</p>



<a name="158535165"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158535165" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158535165">(Feb 14 2019 at 15:01)</a>:</h4>
<p>"read" in the sense of "read memory" or "load from memory", so it <em>copies</em> them but does not care what the bits are</p>



<a name="158535546"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158535546" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158535546">(Feb 14 2019 at 15:03)</a>:</h4>
<p><span class="user-mention" data-user-id="116155">@Jake Goulding</span> hm yeah words are hard sometimes around this. basically, imagine every byte in memory is of the following type</p>
<div class="codehilite"><pre><span></span><span class="k">enum</span> <span class="nc">Byte</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="n">Uninit</span><span class="p">,</span><span class="w"> </span><span class="n">Init</span><span class="p">(</span><span class="kt">u8</span><span class="p">)</span><span class="w"> </span><span class="p">}</span><span class="w"></span>
</pre></div>



<a name="158535573"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158535573" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158535573">(Feb 14 2019 at 15:03)</a>:</h4>
<p>then a "read" operation will just copy data at type <code>Byte</code>, no problem</p>



<a name="158535631"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158535631" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158535631">(Feb 14 2019 at 15:04)</a>:</h4>
<p>but any operation that needs to actually do a <code>match</code> is UB if the byte is currently <code>Uninit</code></p>



<a name="158535636"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158535636" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158535636">(Feb 14 2019 at 15:04)</a>:</h4>
<p>does that make sense?</p>



<a name="158535709"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158535709" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jake Goulding <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158535709">(Feb 14 2019 at 15:05)</a>:</h4>
<p>Are these terms set in stone already? If we could magically come up with something else, could those be used?</p>



<a name="158536157"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158536157" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jake Goulding <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158536157">(Feb 14 2019 at 15:10)</a>:</h4>
<p>Is it accurate to say  "if the CPU uses the data to make a decision, it's UB"?</p>



<a name="158536235"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158536235" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jake Goulding <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158536235">(Feb 14 2019 at 15:10)</a>:</h4>
<p>I guess that's pretty close to "if you then ever do a conditional branch on ..."</p>



<a name="158536301"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158536301" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158536301">(Feb 14 2019 at 15:11)</a>:</h4>
<p>The CPU doesn't really enter the picture, this is all formal language semantics. The CPU doesn't have a concept of uninitalized memory to begin with.</p>



<a name="158536323"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158536323" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158536323">(Feb 14 2019 at 15:12)</a>:</h4>
<p>And in the formal semantics, it's most likely that even arithmetic and bitwise operations and the like are UB on uninit data.</p>



<a name="158536648"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158536648" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158536648">(Feb 14 2019 at 15:15)</a>:</h4>
<blockquote>
<p>Are these terms set in stone already? If we could magically come up with something else, could those be used?</p>
</blockquote>
<p>do you mean the words we are using or the actual rules?</p>



<a name="158536688"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158536688" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158536688">(Feb 14 2019 at 15:16)</a>:</h4>
<p>LLVM has a set of rules that we're unlikely to change (they call it <code>poison</code>, I call it <code>Uninit</code>, it's the same thing)</p>



<a name="158536753"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158536753" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158536753">(Feb 14 2019 at 15:16)</a>:</h4>
<p>and the only wiggle-room (EDIT: for Rust) I know is whether <code>Uninit + x</code> is UB, or returns <code>Uninit</code>.</p>



<a name="158536767"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158536767" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158536767">(Feb 14 2019 at 15:16)</a>:</h4>
<blockquote>
<p>And in the formal semantics, it's most likely that even arithmetic and bitwise operations and the like are UB on uninit data.</p>
</blockquote>
<p>yeah, that's certainly how LLVM handles it</p>



<a name="158536832"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158536832" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158536832">(Feb 14 2019 at 15:17)</a>:</h4>
<p>that is required to enable optimizations that turn logical into arithmetic operations, I think</p>



<a name="158536935"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158536935" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158536935">(Feb 14 2019 at 15:18)</a>:</h4>
<p>I'm really sure <code>poison + 1</code> is <code>poison</code>, not UB. <code>select</code> may be different but that's basically a kind of branch.</p>



<a name="158536951"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158536951" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158536951">(Feb 14 2019 at 15:18)</a>:</h4>
<p>yeah LLVM delays UB as much as possible, sorry if what I said came across differently</p>



<a name="158536963"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158536963" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158536963">(Feb 14 2019 at 15:18)</a>:</h4>
<p>they need that to be able to reorder stuff</p>



<a name="158536976"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158536976" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158536976">(Feb 14 2019 at 15:19)</a>:</h4>
<p>and hoist it out of loops, in particular</p>



<a name="158536992"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158536992" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158536992">(Feb 14 2019 at 15:19)</a>:</h4>
<p>but for a surface language like Rust, it might be easier to just say UB earlier</p>



<a name="158537070"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158537070" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158537070">(Feb 14 2019 at 15:20)</a>:</h4>
<p>Yes, I agree with that. What you said earlier seems to directly contradict that.</p>



<a name="158537437"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158537437" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158537437">(Feb 14 2019 at 15:24)</a>:</h4>
<p>then it was probably a statement about Rust that I made in a way that it sounds like I am talking about LLVM?</p>



<a name="158538084"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158538084" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158538084">(Feb 14 2019 at 15:30)</a>:</h4>
<blockquote>
<blockquote>
<p>And in the formal semantics, it's most likely that even arithmetic and bitwise operations and the like are UB on uninit data.</p>
</blockquote>
<p>yeah, that's certainly how LLVM handles it</p>
</blockquote>
<p>^ this is what threw me off, and there you mention LLVM explicitly ^^;</p>



<a name="158538145"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158538145" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jake Goulding <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158538145">(Feb 14 2019 at 15:31)</a>:</h4>
<p><span class="user-mention" data-user-id="124289">@rkruppe</span> s/CPU/the program/ then?</p>



<a name="158538224"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158538224" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158538224">(Feb 14 2019 at 15:32)</a>:</h4>
<p>Yeah that solves that objection. But also note the subtleties under "make a decision"; it may not be just branching and the like but even just operating on it with primitive operations such as <code>+</code>.</p>



<a name="158538988"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158538988" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jake Goulding <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158538988">(Feb 14 2019 at 15:41)</a>:</h4>
<p>"used for computation"?</p>



<a name="158539029"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158539029" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158539029">(Feb 14 2019 at 15:41)</a>:</h4>
<p>i guess?</p>



<a name="158539963"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158539963" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158539963">(Feb 14 2019 at 15:51)</a>:</h4>
<blockquote>
<p>^ this is what threw me off, and there you mention LLVM explicitly ^^;</p>
</blockquote>
<p>hm, no idea what I was thinking. I probably misread. sorry.</p>



<a name="158540155"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting%20Read%3A%3Aread%20initialize%20memory/near/158540155" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Letting.20Read.3A.3Aread.20initialize.20memory.html#158540155">(Feb 14 2019 at 15:53)</a>:</h4>
<blockquote>
<p>"used for computation"?</p>
</blockquote>
<p>I usually say "anything but a simple copy". <em>shrug</em></p>



<hr><p>Last updated: Aug 07 2021 at 22:04 UTC</p>
</html>